comparison src/mail/ngx_mail_pop3_module.c @ 6774:bcb107bb89cd

Mail: support SASL EXTERNAL (RFC 4422). This is needed to allow TLS client certificate auth to work. With ssl_verify_client configured, the auth daemon can choose to allow the connection to proceed based on the certificate data. This has been tested with Thunderbird for IMAP only. I've not yet found a client that will do client certificate auth for POP3 or SMTP, and the method is not really documented anywhere that I can find. That said, it's simple enough that the way I've done it is probably right.
author Rob N ★ <robn@fastmail.com>
date Sat, 08 Oct 2016 18:05:00 +1100
parents 73b451d304c0
children 03735fef08da
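--- a/src/mail/ngx_mail_pop3_module.c
+++ b/src/mail/ngx_mail_pop3_module.c
@@ -27,19 +27,21 @@
 
 static ngx_conf_bitmask_t ngx_mail_pop3_auth_methods[] = {
 { ngx_string("plain"), NGX_MAIL_AUTH_PLAIN_ENABLED },
 { ngx_string("apop"), NGX_MAIL_AUTH_APOP_ENABLED },
 { ngx_string("cram-md5"), NGX_MAIL_AUTH_CRAM_MD5_ENABLED },
+{ ngx_string("external"), NGX_MAIL_AUTH_EXTERNAL_ENABLED },
 { ngx_null_string, 0 }
 };
 
 
 static ngx_str_t ngx_mail_pop3_auth_methods_names[] = {
 ngx_string("PLAIN"),
 ngx_string("LOGIN"),
 ngx_null_string, /* APOP */
 ngx_string("CRAM-MD5"),
+ngx_string("EXTERNAL"),
 ngx_null_string /* NONE */
 };
 
 
 static ngx_mail_protocol_t ngx_mail_pop3_protocol = {
@@ -178,11 +180,11 @@
 }
 
 size += sizeof("SASL") - 1 + sizeof(CRLF) - 1;
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
+m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 size += 1 + ngx_mail_pop3_auth_methods_names[i].len;
 }
@@ -205,11 +207,11 @@
 }
 
 p = ngx_cpymem(p, "SASL", sizeof("SASL") - 1);
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
+m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 *p++ = ' ';
 p = ngx_cpymem(p, ngx_mail_pop3_auth_methods_names[i].data,
@@ -241,11 +243,11 @@
 
 size = sizeof("+OK methods supported:" CRLF) - 1
 + sizeof("." CRLF) - 1;
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
+m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 size += ngx_mail_pop3_auth_methods_names[i].len
 + sizeof(CRLF) - 1;
@@ -262,11 +264,11 @@
 
 p = ngx_cpymem(p, "+OK methods supported:" CRLF,
 sizeof("+OK methods supported:" CRLF) - 1);
 
 for (m = NGX_MAIL_AUTH_PLAIN_ENABLED, i = 0;
-m <= NGX_MAIL_AUTH_CRAM_MD5_ENABLED;
+m <= NGX_MAIL_AUTH_EXTERNAL_ENABLED;
 m <<= 1, i++)
 {
 if (m & conf->auth_methods) {
 p = ngx_cpymem(p, ngx_mail_pop3_auth_methods_names[i].data,
 ngx_mail_pop3_auth_methods_names[i].len);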
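Review bot: Nothing in this section ties the new `external` method to a TLS session or to `ssl_verify_client`: the loops at new lines 185, 212, 248 and 269 advertise EXTERNAL in the SASL capability line and the AUTH method list whenever the bit is set in `conf->auth_methods`. If that check is not made elsewhere, a plaintext or unverified connection is offered a mechanism whose only credential is the client certificate, and the outcome rests entirely on the auth daemon checking the verification result. I would either reject `external` at configuration time when client verification is off or, at minimum, document the requirement next to the bitmask entry: `/* "external" requires ssl_verify_client; the auth server must check the verify result */`. The same loops index `ngx_mail_pop3_auth_methods_names[i]` by shift count, so `EXTERNAL` at index 4 is correct only if `NGX_MAIL_AUTH_EXTERNAL_ENABLED` is the bit directly after `NGX_MAIL_AUTH_CRAM_MD5_ENABLED`; that definition is outside this file and is worth confirming. The enclosing functions start and end outside the hunks shown.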